3.1 Project Overview
Overview of Project ☁️
Scenario:
A mid-sized fintech company is expanding rapidly in the cloud. With dozens of AWS accounts and services being deployed, the security team struggles to keep track of risks such as public S3 buckets, open security groups, and unused IAM keys. Since they must comply with strict regulations, missing a misconfiguration or unusual login attempt could expose sensitive financial data and result in compliance violations.
Our solution:
We built a Cloud Threat Detection & Security Audit System that:
- Deploys intentionally insecure resources automatically using AWS CloudFormation (so learners can quickly simulate real-world risks).
- Detects suspicious activity in near real-time using Amazon GuardDuty.
- Monitors for misconfigurations automatically with AWS Config Rules.
- Runs lightweight custom Lambda audits to check IAM and S3.
- Sends proactive alerts to the security team via Amazon SNS.
This system enables the company to catch issues like public S3 buckets, risky IAM users, or open security groups before attackers or auditors find them.
About Project:
In this project, you’ll learn how to combine threat detection, compliance monitoring, automation, and alerting into a single workflow.
- These concepts are critical because cloud environments change rapidly, and relying only on manual checks is not enough. Automated detection ensures security gaps are caught early.
- As a Cloud Security Engineer, you’ll need these skills to:
  - Deploy repeatable insecure test setups with CloudFormation.
  - Enable and interpret GuardDuty findings.
  - Implement compliance rules with AWS Config.
  - Write custom Lambda audits for org-specific checks.
  - Configure alerting pipelines so incidents reach the right people instantly.
By the end, you’ll have hands-on experience with tools that proactively protect real-world AWS environments.
Steps To Be Performed 👩‍💻
- Deploy intentionally insecure resources (EC2 with open SSH, S3 bucket with public read, IAM user with AdministratorAccess) using CloudFormation.
- Enable GuardDuty for real-time threat detection.
- Enable AWS Config Rules for compliance monitoring.
- Create a Lambda audit function to check IAM users and public S3 buckets.
- Configure SNS alerts for high-risk findings.
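As an added illustration of steps 4 and 5 (not the project's own code), the audit below flags IAM users with the AdministratorAccess policy attached and S3 buckets whose ACL grants public read, then publishes a report to SNS. The check logic takes the API responses as plain dicts, so it can be run and tested without AWS; the SNS topic ARN in `event['topic_arn']`, the bucket and user names, and the sample data are assumptions.

```python
"""Lambda-style audit for the lab: flag IAM users holding AdministratorAccess
and S3 buckets whose ACL grants public read. The check functions take the API
responses as plain dicts, so they run (and test) without any AWS access."""
import json
try:
    import boto3  # present in the Lambda runtime; only needed by lambda_handler
except ImportError:
    boto3 = None

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# S3 ACL group URIs that mean "everyone" (anonymous or any AWS account)
PUBLIC_GRANTEES = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def admin_users(user_policies):
    """user_policies: {user_name: [attached managed policy ARNs]}.
    Only directly attached policies are checked, as with the lab's IAM user;
    group-inherited or inline admin rights would need extra calls."""
    return sorted(u for u, arns in user_policies.items() if ADMIN_POLICY_ARN in arns)

def public_buckets(bucket_acls):
    """bucket_acls: {bucket_name: Grants list from s3.get_bucket_acl}.
    Public if any grant targets AllUsers/AuthenticatedUsers (ACL route only;
    a public bucket policy is a separate check)."""
    return sorted(name for name, grants in bucket_acls.items()
                  if any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants))

def build_report(user_policies, bucket_acls):
    return {"admin_users": admin_users(user_policies),
            "public_buckets": public_buckets(bucket_acls)}

def lambda_handler(event, context):
    """Lambda entry point: pull live data with boto3 (pagination omitted), then
    publish to the SNS topic (ARN assumed in event['topic_arn']) if anything is found."""
    iam, s3, sns = (boto3.client(n) for n in ("iam", "s3", "sns"))
    users = {u["UserName"]: [p["PolicyArn"] for p in iam.list_attached_user_policies(
                 UserName=u["UserName"])["AttachedPolicies"]] for u in iam.list_users()["Users"]}
    acls = {b["Name"]: s3.get_bucket_acl(Bucket=b["Name"])["Grants"]
            for b in s3.list_buckets()["Buckets"]}
    report = build_report(users, acls)
    if report["admin_users"] or report["public_buckets"]:
        sns.publish(TopicArn=event["topic_arn"], Subject="Cloud audit: findings",
                    Message=json.dumps(report, indent=2))
    return report

if __name__ == "__main__":  # constructed sample data so the script runs offline
    grant = {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}
    print(build_report({"lab-admin": [ADMIN_POLICY_ARN], "reader": []}, {"lab-bucket": [grant]}))
```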
Services Used 🛠
- AWS CloudFormation → Automated deployment of insecure test resources.
- Amazon GuardDuty → Detects suspicious activity (e.g., port scans, risky logins).
- AWS Config → Checks compliance (public buckets, open SSH, IAM rules).
- AWS Lambda → Custom audit function for IAM + S3 checks.
- Amazon SNS → Sends alerts to email.
- Amazon EC2 / S3 / IAM → Intentionally insecure resources created for testing.
Estimated Time & Cost ⚙️
- Estimated time: 3-4 hours
- Cost: ~$0-$2
➡️ Architectural Diagram
This is the architectural diagram for the project:
➡️ Final Result
A working security audit system where:
- GuardDuty detects suspicious activity like port probes on the EC2 instance.
- AWS Config identifies misconfigured resources such as public S3 buckets and open SSH security groups.
- The Lambda audit function highlights risky IAM users (with full admin access) and public buckets.
- SNS delivers real-time email alerts for critical findings.
By the end, the security team has end-to-end visibility into threats and misconfigurations, plus automated alerts that make the environment safer and more compliant.